Funds stolen in the July 18 hack of Indian cryptocurrency exchange WazirX are being converted into Ether (ETH), according to data from on-chain tracker SpotOnChain. The attacker has reportedly exchanged over $200 million worth of the stolen assets for ETH. At present, the blacklisted wallet holds 59,097 ETH.
The hack resulted in the theft of 15,298 ETH directly from WazirX’s multisig wallet, as well as 200 different crypto assets, including $102 million worth of SHIB, $11.25 million worth of MATIC, $7.6 million worth of PEPE, $7.79 million worth of USDT, and $3.5 million worth of GALA. Most of these assets have now been converted to ETH, leaving the wallet with just over $11 million worth of altcoins like Chromia (CHR), Celer Network (CELR), Frontier (FRONT), and Ooki (OOKI) tokens.
Blockchain analytics firm Lookonchain also noted that the hacker deposited 7.7 million DENT tokens into a Binance address, adding that the wallet had not been used before.
Experts believe that the hacker chose to swap ERC-20 tokens for ETH because of ETH's high liquidity. Unlike stablecoins, ETH cannot be blocked. ERC-20 tokens have a contract function that allows the owners to maintain a list of prohibited addresses, preventing interactions with blacklisted addresses. However, ETH lacks this feature as it operates on the core Ethereum protocol, which does not allow for address permission modifications.
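The freeze mechanism described above, as an added Solidity sketch that is not taken from the article or from any real token's code. The contract and function names (`BlocklistToken`, `setBlocked`) are hypothetical, only the transfer path of a token is modelled, and such a list is an issuer-added feature rather than part of the ERC-20 standard itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: minimal token with an issuer-controlled blocklist.
// Hypothetical names; approve/transferFrom are omitted for brevity.
contract BlocklistToken {
    address public immutable owner;
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blocked;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event BlockedStatusChanged(address indexed account, bool isBlocked);

    error NotOwner();
    error AddressBlocked(address account);
    error InsufficientBalance();

    constructor(uint256 initialSupply) {
        owner = msg.sender;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // Only the issuer can add an address to, or remove it from, the list.
    function setBlocked(address account, bool isBlocked) external {
        if (msg.sender != owner) revert NotOwner();
        blocked[account] = isBlocked;
        emit BlockedStatusChanged(account, isBlocked);
    }

    // Every token movement runs through this contract code, so the
    // checks below can refuse a listed sender or recipient.
    function transfer(address to, uint256 value) external returns (bool) {
        if (blocked[msg.sender]) revert AddressBlocked(msg.sender);
        if (blocked[to]) revert AddressBlocked(to);
        if (balanceOf[msg.sender] < value) revert InsufficientBalance();
        unchecked { balanceOf[msg.sender] -= value; }
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }
}
// A native ETH transfer is a protocol-level balance change between
// accounts; no issuer contract runs on that path, so no such check exists.
```

Once an address is listed, any `transfer` from or to it reverts, which is the point at which an issuer's freeze takes effect for tokens still held in that form.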
Akhsay Nassa, co-founder of Chimp DEX, shared a similar opinion, suggesting that the attacker wants to avoid having the funds frozen by authorities. Nassa explained that ETH’s active market and cross-chain bridges make it ideal for quick and fair trades while obscuring the trail.
The hack occurred due to the exploitation of WazirX’s wallet management system. Discrepancies in data displayed by Liminal, the digital asset custody and wallet infrastructure provider for the exchange, were detected. The WazirX team suspects that the attacker replaced the payload to gain control of the wallets.
Some experts, including crypto sleuth ZachXBT and blockchain analytics firm Elliptic, speculate that North Korea’s Lazarus group may have been involved.
WazirX has temporarily halted withdrawals for both cryptocurrencies and fiat and has stated its commitment to recovering the stolen funds.